Chapter 4
Controller and processor
Section 1 – General obligations
Article 24 – Responsibility of the controller
Article 25 – Data protection by design and by default
Article 27 – Representatives of controllers or processors not established in the United Kingdom
Article 29 – Processing under the authority of the controller or processor
Article 30 – Records of processing activities
Article 31 – Cooperation with the Commissioner
Section 2 – Security of personal data
Article 32 – Security of processing
Article 33 – Notification of a personal data breach to the Commissioner
Article 34 – Communication of a personal data breach to the data subject
Section 3 – Data protection impact assessment and prior consultation
Article 35 – Data protection impact assessment
Article 36 – Prior consultation
Section 4 – Data protection officer
Article 37 – Designation of the data protection officer
Article 38 – Position of the data protection officer
Article 39 – Tasks of the data protection officer